Your issue is most likely SSL trust-related. When the CAS server sends your app server a service ticket, your app server needs to act as an HTTP client and connect to your CAS server to verify the ticket. If your app server doesn't trust the certificate chain on the CAS server, that verification step fails and the request remains anonymous. The CAS client sees the anonymous request, redirects out to the CAS server, which sees that the user already has a ticket-granting ticket. It generates a new service ticket and redirects back to your app. Verification fails, rinse, repeat.

Try removing the proxyTicketManager from your config file as a starting point. This will disable proxy ticket support. Proxy ticket support further complicates the situation above because in that case the CAS server also attempts to establish an SSL connection to your app server. This requires that your CAS server trust the certificate your app server is presenting. You should probably turn this off while troubleshooting so that you're not trying to troubleshoot 2 issues at the same time. I'm pretty sure that a breakdown in either type of verification (ST verification or PGT-IOU/PGT exchange) will cause a redirect loop.

-Scott

On Thu, Jul 18, 2013 at 1:43 PM, Adam Causey <[email protected]> wrote:

> Hello,
>
> I am trying to help set up a client application to authenticate via our
> CAS server. The application is using the .Net CAS client, which I have
> little experience with. The 'handshake' with CAS is working, and the XML
> is being returned from CAS. However, once the authentication completes,
> the client doesn't recognize that the user has been authenticated and
> redirects (302) back to CAS, which in turn sees the user is already logged
> in and redirects back to the application. This process continues until the
> browser stops the process.
>
> The application itself doesn't seem to be the issue - it appears to be
> something with the .Net CAS Client. Has anyone experienced a similar issue
> with this client, or are there any basic configurations out there that I
> could take a look at?
>
> Thank you,
> Adam
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
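
A way to test the trust condition described in the reply above, added here as an example (not part of the original thread and not code from the .NET CAS client): it opens a TLS connection from the app server to the CAS server using the same .NET certificate validation the client relies on, and reports why the chain is rejected if it is. The host name `cas.example.edu` and port 443 are placeholders.

```powershell
# Run on the application server, ideally as the account the web application
# runs under, because Windows chain building uses that account's certificate
# stores as well as the machine stores.
$CasHost = 'cas.example.edu'   # placeholder: your CAS server host name
$CasPort = 443                 # assumption: CAS is served on the default HTTPS port

$script:CasTlsReport = $null
$validate = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
    $script:CasTlsReport = [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        # RemoteCertificateNameMismatch, RemoteCertificateChainErrors, or None
        PolicyErrors = $sslPolicyErrors.ToString()
        # Per-element reasons, e.g. UntrustedRoot, PartialChain, NotTimeValid
        ChainStatus  = @($chain.ChainStatus | ForEach-Object {
            "$($_.Status): $($_.StatusInformation.Trim())"
        })
    }
    # Accept only what .NET would accept by default; nothing is bypassed.
    return ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($CasHost, $CasPort)
    $stream = $tcp.GetStream()
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $validate
    try {
        $ssl.AuthenticateAsClient($CasHost)
        Write-Output "TRUSTED: this server accepts the certificate chain of $CasHost"
    }
    catch [System.Security.Authentication.AuthenticationException] {
        Write-Output "NOT TRUSTED: ticket validation calls to $CasHost will fail"
    }
    finally {
        $ssl.Dispose()
    }
}
finally {
    $tcp.Close()
}

# Details captured during the handshake (empty if the handshake never got that far)
$script:CasTlsReport | Format-List
```

If the handshake fails before the callback runs (no report is printed), the problem is connectivity or protocol negotiation rather than certificate trust.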
